-Dweblogic.StdoutDebugEnabled=true
-Dweblogic.DebugSecurityAtz=true
-Dweblogic.DebugSecurityAtn=true
-Dweblogic.DebugSecurityAdjudicator=true
-Dweblogic.DebugSecurityRoleMap=true
“In the console you must set environment -> servers -> AdminServer -> Logging -> Advanced -> Severity Level to debug. To turn on security logging you have to change environment -> servers -> AdminServer -> Debug -> WebLogic -> security -> atn -> DebugSecurityAtn to enabled.”
-Dssl.debug=true
-Dweblogic.StdoutDebugEnabled=true
-Dweblogic.security.SSL.debugEaten=true
-Dweblogic.security.SSL.protocolVersion=SSL3
—————–WLS 8.1 SP6————-
-Dweblogic.security.SSL.verbose=true
-Dweblogic.Debug = weblogic.DebugSecurityAtn, weblogic.DebugSecurityAtz
-Debug Flag For node manager:
-Dweblogic.StdoutDebugEnabled=true
-Dweblogic.nodemanager.debugEnabled=true
-Dweblogic.nodemanager.debugLevel=90
Host name verification check:
Node Manager:
-Dweblogic.nodemanager.sslHostNameVerificationEnabled=false
Admin Server:
-Dweblogic.security.SSL.ignoreHostnameVerification=true
————————————————————————————————————–
LDAP Related Debug Flags:
-Dweblogic.debug.DebugEmbeddedLDAPLogLevel=11
-Dweblogic.debug.DebugEmbeddedLDAP=true
—————————————————————–
Validate the certifiacte chain:
java utils.ValidateCertChain -pem UAT2.cer
——————————————————————–
For Bad Certificate Error:
-Dweblogic.security.SSL.allowSmallRSAExponent=true
I would suggest you to add the below option to your startup script for the managed server.
Want to Improve Managed Server Startup Time?
-Dweblogic.security.MSILocalLDAPOnly=true
Setting -Dweblogic.security.MSILocalLDAPOnly=true on the managed server, causes the managed server LDAP to write policies to its local LDAP only. This reduces the overall time to start the managed server along with the policies being available locally. If the MSI state changes and the server becomes available then the writes to the administration server LDAP will resume.
Please first start the admin server and start the managed server in normal mode with the above option added to the startup script. Once the servers have started normally Shutdown the admin server and attempt to restart the managed server in MSI mode.
——————————————————————————————————————-
Common Security Debug Flags-1:
-Dweblogic.StdoutDebugEnabled=true
-Dweblogic.Debug=weblogic.MasterDeployer
-Dweblogic.Debug=weblogic.MasterDeployer
-Dweblogic.Debug=weblogic.SlaveDeployer
-Dweblogic.Debug=weblogic.DeploymentTaskRuntime
-Dweblogic.Debug=weblogic.DeployerRuntime
-Dweblogic.Debug=weblogic.ApplicationContainer
———————————————————————————————————————-
Sun implementation of -D options and comment out the system properties (related to ssl certs) in your jsp and to test with SSL debugs.
To specify Sun’s SSL implementation, use the following properties:
-Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol
-Djavax.net.ssl.keyStore=lacbra900w0230-client.jks
-Djavax.net.ssl.keyStorePassword=keyStorePassword
—————————————————————————————————
-Dweblogic.wsee.client.ssl.usejdk=true
-Dweblogic.webservice.client.ssl.ignoreHostnameVerification=true
-Dweblogic.webservice.client.ssl.strictcertchecking=false
——————————————————————————————–
To specify Sun’s SSL implementation, use the following properties:
-Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol
-Dweblogic.wsee.client.ssl.usejdk=true
-Djavax.net.ssl.trustStore=lacbra900w0230-clienttrust.jks
-Djavax.net.ssl.trustStorePassword=trustStorePassword
-Djavax.net.ssl.keyStore=lacbra900w0230-client.jks
-Djavax.net.ssl.keyStorePassword=keyStorePassword
-Dweblogic.webservice.client.ssl.ignoreHostnameVerification=true
-Dweblogic.webservice.client.ssl.strictcertchecking=false
——————————————————————————————–
Class Loader Debug Flags:
-Dweblogic.utils.classloaders.ClasspathClassFinder=true
-Dweblogic.utils.classloaders.GenericClassLoader.Verbose=true
-Dweblogic.utils.classloaders.ChangeAwareClassLoader.Verbose=true
——————————————————————————–
WebLogic General Debug Flags:
-Dlog4j.debug=true
-Dweblogic.debug.DebugConfigurationEdit=true
-Dweblogic.debug.DebugDeploymentTaskRuntime=true
-Dweblogic.debug.DebugDeploymentManagerAdmin=true
-Dweblogic.debug.DebugDeploymentManagerTarget=true
-Dweblogic.debug.DebugDeploymentOperationsAdmin=true
-Dweblogic.debug.DebugDeploymentManagerTargetOperations=true
-Dweblogic.debug.DebugDeploymentServiceApiTargetCalls=true
-Dweblogic.debug.DebugDeploymentServiceApiAdminCalls=true
-Dweblogic.debug.DebugDeploymentServiceApiAdminCallback=true
-Dweblogic.debug.DebugDeploymentServiceApiTargetCallback=true
-Dweblogic.debug.DebugDeploymentServiceStatusUpdatesAdmin=true
-Dweblogic.debug.DebugDeploymentServiceTransport=true
-Dweblogic.debug.DebugDeploymentServiceStatusUpdatesTarget=true
———————————
-Dweblogic.security.SSL.trustedCAKeyStore=
-Dweblogic.webservice.client.ssl.trustedcer=
————————————————————
-Dweblogic.Debug=weblogic.JDBCConn,weblogic.JDBCConnStackTrace,weblogic.JDBCSQL
——————————
-Dweblogic.ProductionModeEnabled= {true | false}
———————————
-Dweblogic.management.allowClearTextPasswords=true
—————————————————————
-Dweblogic.security.disableNullCipher=true
-Dweblogic.security.SSL.allowUnencryptedNullCipher=false
——————————————————————
——————————————————————–
JMX related Debug Flags:
-Dcom.sun.management.jmxremote=true
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.port=8888
-Dcom.sun.management.jmxremote.authenticate=false
————————-
demo password:
DemoIdentityKeyStorePassPhrase
—————————————————
Common Security Debug Flags-2:
-Dweblogic.debug.DebugSecuritySAMLAtn=true
-Dweblogic.debug.DebugSecuritySAMLLib=true
-Dweblogic.debug.DebugSecuritySAML2Service=true
-Dweblogic.debug.DebugSecuritySAML2CredMap=true
-Dweblogic.debug.DebugSecuritySAML2Atn=true
-Dweblogic.security.realm.debug=true
-Dweblogic.security.SSL.verbose=true
-Dweblogic.security.ssl.verbose=true
-Dssl.debug=true
-Dweblogic.security.RSA.verbose=true
-Dweblogic.security.RC4.verbose=true
-Dweblogic.client.SocketConnectTimeoutInSecs
-Djavax.security.auth.useSubjectCredsOnly=false
-Dweblogic.security.enableNegotiate=true
-DDebugSecurityAdjudicator=false
-Dweblogic.StdoutDebugEnabled=false
-Dweblogic.StdoutSeverityLevel=64
-Dweblogic.Debug.DebugSecurityAtz=false
-Dweblogic.Debug.DebugSecurityAtn=false
-Dsun.security.krb5.debug=false
————————————————————-
JAVA_OPTIONS=”$JAVA_OPTIONS -Dssl.debug=true”
JAVA_OPTIONS=”$JAVA_OPTIONS -Dweblogic.StdoutDebugEnabled=true”
WebService Debug Flags:
-Dweblogic.webservice.verbose=true (For WLS8.1)
-Dweblogic.wsee.verbose=* (For WLS 9.x onwards very Useful to Collect the Complete SOAP request and Response. This flag can be applied on bith Client as well as on Server side.)
-Dweblogic.wsee.verbose=weblogic.wsee.ws.WsBuilder (Debug a Perticular Class)
-Dweblogic.wsee.verbose=weblogic.wsee.*
-DUseSunHttpHandler=true (To Tell WebLogic Server to use SUN Handlers Implementation in case of JAXWS)
-Dweblogic.xml.crypto.dsig.verbose=true
-Dweblogic.xml.crypto.encrypt.verbose=true
-Dweblogic.xml.crypto.keyinfo.verbose=true
—————————————
-Dweblogic.servlet.DIDisabled=true
You can turn off annotation processing and DI for all the Web applications by setting -Dweblogic.servlet.DIDisabled=true flag when starting WebLogic Server.
(or for a specific Application….Set the metadata-complete attribute to true in the web.xml descriptor if your Web application does not have any annotations and if you have the version set to 2.5 to avoid unnecessary scanning of the Web applications classes for annotations.)
TROUBLESHOOTING Singleton Services
The following WebLogic debug flags would help diagnose any problems that arise in Singleton Service feature area. The debug messages are logged in the appropriate server log files.
Subsystem Area
Debug flag
Information about the Singleton Monitor’s actions -Dweblogic.debug.DebugSingletonServices=true
If using Consensus Leasing
-Dweblogic.debug.DebugConsensusLeasing=true
To trace the JMSServer deployment/undeployment
-Dweblogic.debug.DebugJMSBackEnd=true
To trace the SAFAgent deployment/undeployment
-Dweblogic.debug.DebugJMSSAF=true
To trace the JMS Module deployment/undeployment
-Dweblogic.debug.DebugJMSModule=true
To trace the Persistent Store deployment/undeployment
-Dweblogic.debug.DebugStoreIOPhysical=true -Dweblogic.debug.DebugStoreIOLogical=true -Dweblogic.debug.DebugStoreIOLogicalBoot=true
No comments:
Post a Comment